STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Apple macOS 12 (Monterey) Security Technical Implementation Guide

V-252539

CAT III (Low)

The macOS system must restrict the ability of individuals to write to external optical media.

Rule ID

SV-252539r991589_rule

STIG

Apple macOS 12 (Monterey) Security Technical Implementation Guide

Version

V1R9

CCIs

CCI-000366

Discussion

External writeable media devices must be disabled for users. External optical media devices can be used to exfiltrate sensitive data if an approved data-loss prevention (DLP) solution is not installed.

Check Content

Verify the system is configured to disable writing to external optical media devices:

$ /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep 'BurnSupport'

BurnSupport = off;

If the command does not return a line, this is a finding.
If 'BurnSupport' is set to a value other than 'off' and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Fix Text

This setting is enforced using the "Restrictions Policy" configuration profile.